1. Home
  2. Palo Alto Networks
  3. PCNSA

Palo Alto Networks Certified Network Security Administrator (PCNSA)

Exam Details

  • Exam Code
    :PCNSA
  • Exam Name
    :Palo Alto Networks Certified Network Security Administrator (PCNSA)
  • Certification
    :Palo Alto Networks Certifications
  • Vendor
    :Palo Alto Networks
  • Total Questions
    :443 Q&As
  • Last Updated
    :May 05, 2025

Palo Alto Networks Palo Alto Networks Certifications PCNSA Questions & Answers

  • Question 341:

    Given the screenshot, what are two correct statements about the logged traffic? (Choose two.)

    A. The web session was unsuccessfully decrypted.

    B. The traffic was denied by security profile.

    C. The traffic was denied by URL filtering.

    D. The web session was decrypted.

  • Question 342:

    An administrator would like to override the default deny action for a given application and instead would like to block the traffic and send the ICMP code "communication with the destination is administratively prohibited". Which security policy action causes this?

    A. Drop

    B. Drop, send ICMP Unreachable

    C. Reset both

    D. Reset server

  • Question 343:

    Given the scenario, which two statements are correct regarding multiple static default routes when they are configured as shown in the image? (Choose two.)

    A. Path monitoring does not determine if route is useable

    B. Route with highest metric is actively used

    C. Path monitoring determines if route is useable

    D. Route with lowest metric is actively used

  • Question 344:

    Which file is used to save the running configuration with a Palo Alto Networks firewall?

    A. running-config.xml

    B. run-config.xml

    C. running-configuration.xml

    D. run-configuratin.xml

  • Question 345:

    What do dynamic user groups you to do?

    A. create a QoS policy that provides auto-remediation for anomalous user behavior and malicious activity

    B. create a policy that provides auto-sizing for anomalous user behavior and malicious activity

    C. create a policy that provides auto-remediation for anomalous user behavior and malicious activity

    D. create a dynamic list of firewall administrators

  • Question 346:

    Based on the show security policy rule would match all FTP traffic from the inside zone to the outside zone?

    A. internal-inside-dmz

    B. engress outside

    C. inside-portal

    D. intercone-default

  • Question 347:

    An administrator configured a Security policy rule where the matching condition includes a single application and the action is set to deny. What deny action will the firewall perform?

    A. Drop the traffic silently

    B. Perform the default deny action as defined in the App-ID database for the application

    C. Send a TCP reset packet to the client- and server-side devices

    D. Discard the session's packets and send a TCP reset packet to let the client know the session has been terminated

  • Question 348:

    An administrator has an IP address range in the external dynamic list and wants to create an exception for one specific IP address in this address range. Which steps should the administrator take?

    A. Add the address range to the Manual Exceptions list and exclude the IP address by selecting the entry.

    B. Add each IP address in the range as a list entry and then exclude the IP address by adding it to the Manual Exceptions list.

    C. Select the address range in the List Entries list. A column will open with the IP addresses. Select the entry to exclude.

    D. Add the specific IP address from the address range to the Manual Exceptions list by using regular expressions to define the entry.

  • Question 349:

    Which three filter columns are available when setting up an Application Filter? (Choose three.)

    A. Parent App

    B. Category

    C. Risk

    D. Standard Ports

    E. Subcategory

  • Question 350:

    A server-admin in the USERS-zone requires SSH-access to all possible servers in all current and future Public Cloud environments. All other required connections have already been enabled between the USERS- and the OUTSIDE-zone. What configuration-changes should the Firewall-admin make?

    A. Create a custom-service-object called SERVICE-SSH for destination-port-TCP-22. Create a security-rule between zone USERS and OUTSIDE to allow traffic from any source IP-address to any destination IP-address for SERVICE-SSH

    B. Create a security-rule that allows traffic from zone USERS to OUTSIDE to allow traffic from any source IP-address to any destination IP-address for application SSH

    C. In addition to option a, a custom-service-object called SERVICE-SSH-RETURN that contains source-port-TCP-22 should be created. A second security-rule is required that allows traffic from zone OUTSIDE to USERS for SERVICE-SSHRETURN for any source- IP-address to any destination-Ip-address

    D. In addition to option c, an additional rule from zone OUTSIDE to USERS for application SSH from any source-IP-address to any destination-IP-address is required to allow the return-traffic from the SSH-servers to reach the server-admin

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Palo Alto Networks exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your PCNSA exam preparations and Palo Alto Networks certification application, do not hesitate to visit our Vcedump.com to find your solutions here.